IETF Logo Mail Archive

Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields

"Manger, James H" <James.H.Manger@team.telstra.com> Thu, 03 October 2013 02:30 UTC

Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BEA821F9E95 for <jose@ietfa.amsl.com>; Wed, 2 Oct 2013 19:30:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.901
X-Spam-Level:
X-Spam-Status: No, score=-0.901 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, HTML_MESSAGE=0.001, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QxbHMWZDivnP for <jose@ietfa.amsl.com>; Wed, 2 Oct 2013 19:30:45 -0700 (PDT)
Received: from ipxavo.tcif.telstra.com.au (ipxavo.tcif.telstra.com.au [203.35.135.200]) by ietfa.amsl.com (Postfix) with ESMTP id BB04B21F9E98 for <jose@ietf.org>; Wed, 2 Oct 2013 19:29:27 -0700 (PDT)
X-IronPort-AV: E=Sophos; i="4.90,1023,1371045600"; d="scan'208,217"; a="159152446"
Received: from unknown (HELO ipcavi.tcif.telstra.com.au) ([10.97.217.200]) by ipoavi.tcif.telstra.com.au with ESMTP; 03 Oct 2013 12:29:27 +1000
X-IronPort-AV: E=McAfee;i="5400,1158,7216"; a="219668470"
Received: from wsmsg3701.srv.dir.telstra.com ([172.49.40.169]) by ipcavi.tcif.telstra.com.au with ESMTP; 03 Oct 2013 12:29:26 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3701.srv.dir.telstra.com ([172.49.40.169]) with mapi; Thu, 3 Oct 2013 12:29:26 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Justin Richer <jricher@mitre.org>, Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>
Date: Thu, 03 Oct 2013 12:29:24 +1000
Thread-Topic: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
Thread-Index: AQHOv3tsOWz3vab9FU6tVj6nrFz1Spnh8eYAgABKDrA=
Message-ID: <255B9BB34FB7D647A506DC292726F6E115318CAE20@WSMSG3153V.srv.dir.telstra.com>
References: <4E1F6AAD24975D4BA5B16804296739436B7FBEA6@TK5EX14MBXC283.redmond.corp.microsoft.com> <521E552B.6060100@mitre.org> <CAOKiTbvnNka5jkY97ezyieGKhi_7WvnL6oEXTZNeWYzGWdEP+A@mail.gmail.com> <5223FF8E.1@nri.co.jp> <02f001cebf07$c0096300$401c2900$@augustcellars.com> <524C2CAF.1090009@mitre.org> <4E1F6AAD24975D4BA5B16804296739437201A306@TK5EX14MBXC290.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739437201A306@TK5EX14MBXC290.redmond.corp.microsoft.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: multipart/alternative; boundary="_000_255B9BB34FB7D647A506DC292726F6E115318CAE20WSMSG3153Vsrv_"
MIME-Version: 1.0
Subject: Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Oct 2013 02:30:57 -0000

> It’s not like the set of “kty” values is a fast-moving target.

A new classes of crypto might appear only occasionally, but I’m not sure that is the only time a new “kty” value will be needed. If your RSA private key is held in a smartcard a JWK representing that key to your software will not have “d”, “p” and “q” fields, but might have a PKCS#15 path and a PIN to unlock the smartcard. When an RSA key in on a TPM chip the JWK may have a TPMKEY URI <draft-mavrogiannopoulos-tpmuri>. When an RSA key is behind a PKCS#11 API the JWK needs the parameters to pass to PKCS#11 functions.

Do these JWKs use “kty”:”RSA”?

--
James Manger

From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Thursday, 3 October 2013 7:47 AM
To: Justin Richer; Jim Schaad; jose@ietf.org
Subject: Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields

I agree with Justin that the motivation for the breaking change seems pretty hypothetical to me.  Besides, a new standard key type only tends to be introduced every decade or so, so it *really* wouldn’t be that hard to update the hypothetical key filtering software to correctly filter new key types when needed, should such software ever be written.  It’s not like the set of “kty” values is a fast-moving target.

                                                                -- Mike

From: jose-bounces@ietf.org<mailto:jose-bounces@ietf.org> [mailto:jose-bounces@ietf.org] On Behalf Of Justin Richer
Sent: Wednesday, October 02, 2013 7:25 AM
To: Jim Schaad; jose@ietf.org<mailto:jose@ietf.org>
Subject: Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields

I think that the argument below is misleading -- why kind of hypothetical key parsing or filtering program is going to read a JWK that doesn't know the key types it's parsing out? I'm still not seeing the value in having things split out. From my vantage, it seems to be a fairly arbitrary syntax decision, and at this point I'd really rather not change syntax on stuff I'm already using on a daily basis.

 -- Justin
On 10/01/2013 08:38 PM, Jim Schaad wrote:
There is an argument below that it would be more robust to make any filter software know what is public and what is private since that enforces a per-type evaluation.  However I would argue that this is a problem for any new key type that is published after such filter software is done.

The program which is creating the JWK object is going to know what is public and what is private because it must have been updated in order to export the correct fields for the new key type.  However the filter code may not have been updated to understand this new key type and therefore has no ability to know what is public and what is private unless it was also programmed to do a registry lookup in the IANA registry to figure this out.  Even then it would be unable to deal with private key types.

By placing all private fields in a private object, the filter program would always be able to correct do the filtering and make sure that private key material is not published as it would, by definition, be in a single object which is easily identified.  This means that a server would not need to reject any new key types that it does not understand when trying to make sure that private information is not published.

To me this is more robust than not having this indicated by the exporter functions.

This is similar to what is done today in the ASN.1 case.  The ASN.1 structure description is different between the public key and the private key structures for those things you know about.  This makes it easy to do the decode on the public key and ensure that nothing exists that shouldn’t.  It is not possible for us to do a filter based just on the public fields since there are other elements that exist in the JWK object which have nothing to do with the key value.  I would not advocate having both a public and a private member object since that would be slightly ridiculous.

Jim

v2.23.0 | Report a Bug | By Email